[IPsec] About port floating b/w 4500 and 500

2009-06-17 Thread Tero Kivinen
Srinivasu S R S Dhulipala (srinid) writes: > With the above NAT-T and MOBIKE in the context, I've the following > questions: > > 1) Can an IKE peer that migrated to 4500 for some reason migrate back to > 500 later? Is that allowed? If using MOBIKE it is very clear it cannot migrate back, as M

[IPsec] I-D Action:draft-ietf-ipsecme-ikev2-ipv6-config-01.txt

2009-06-17 Thread Internet-Drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : IPv6 Configuration in IKEv2 Author(s) : P. Eronen, et al. Filename

Re: [IPsec] I-D Action:draft-ietf-ipsecme-ikev2-redirect-11.txt

2009-06-17 Thread Vijay Devarapalli
Hello, The document was revised to address the comments received from the AD. The diff is at http://tools.ietf.org/wg/ipsecme/draft-ietf-ipsecme-ikev2-redirect/draft-ietf-ipsecme-ikev2-redirect-11-from-10.diff.html The Mobile IPv6-related text, that was in two different sections, has been moved

Re: [IPsec] WG Last Call: draft-ietf-ipsecme-ikev2-resumption-04.txt

2009-06-17 Thread Pasi.Eronen
Yaron Sheffer wrote: > Hi Pasi, > > Sorry for the late reply. > > I believe most people would NOT expect a properly terminated > (deleted) IKE SA to be resumed. To give one example, suppose I > "downsize" a user and revoke his access rights. Today I will simply > terminate (=delete) all his exis

Re: [IPsec] WG Last Call: draft-ietf-ipsecme-ikev2-resumption-04.txt

2009-06-17 Thread Yoav Nir
I agree with Yaron that it should be the way it is now described in the draft. If either side deleted the IKE SA, then it should not come back to life through session resumption. Specifically, the client should not get reconnected without authentication. The laptop example is excellent. If I clo

[IPsec] FW: I-D Action:draft-nir-ike-nochild-02.txt

2009-06-17 Thread Yoav Nir
Hi all version -02 of this private submission draft, with two additional co-authors and some more use cases. Enjoy Yoav From: i-d-announce-boun...@ietf.org [i-d-announce-boun...@ietf.org] On Behalf Of internet-dra...@ietf.org [internet-dra...@ietf.org]

Re: [IPsec] FW: I-D Action:draft-nir-ike-nochild-02.txt

2009-06-17 Thread Raj Singh
Hi Yoav, Please find my inputs: 1. In section 3: . A supporting responder that advertised the VID payload in the IKE_INIT response MUST process a modified IKE_AUTH request, and MUST reply with a modified IKE_AUTH response. Such a responder MUST NOT reply with a modified IKE_AUT

Re: [IPsec] FW: I-D Action:draft-nir-ike-nochild-02.txt

2009-06-17 Thread Raj Singh
Hi Yoav, On Thu, Jun 18, 2009 at 11:24 AM, Raj Singh wrote: > Hi Yoav, > > Please find my inputs: > > 1. In section 3: > > . > >A supporting responder that advertised the VID payload in the >IKE_INIT response MUST process a modified IKE_AUTH request, and MUST > >reply with a modi